DescriptionThe Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs775913

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
vala (PTS)buster0.42.5-1fixed
sid, trixie0.56.14-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
valasource(unstable)(not affected)
vala-0.14source(unstable)(not affected)
vala-0.16source(unstable)(not affected)


- vala-0.16 <not-affected> (MapInfo not yet present)
- vala-0.14 <not-affected> (MapInfo not yet present)
- vala <not-affected> (MapInfo not yet present)
Binaries with buggy bindings package that use Gst.MapInfo() function
are affected as well and need to be rebuilt, shotwell, rygel, ...

Search for package or bug name: Reporting problems